RADIUS Authentication

Note: RADIUS Authentication is an Advanced Authenticator available as part of the Professional Edition of ADSelfService Plus.

When RADIUS Authentication is enabled, end users will be considered enrolled and allowed to authenticate themselves by producing a valid RADIUS password and completing the RADIUS challenge, if configured.

What is the RADIUS challenge?

The RADIUS challenge comes into the picture when secondary authentication is configured in the RADIUS server in addition to the existing password-based authentication. Once it's configured, users need to provide the RADIUS password and a one-time passcode or secret key (according to admin configuration) for successful identity verification.

radius-authentication-01.png

radius-authentication-02.png

Prerequisite Steps:

Configure a RADIUS client in the RADIUS server for ADSelfService Plus using configuration steps specific to the RADIUS server.

For example, to configure a RADIUS client in freeRADIUS:

  1. Log in to the RADIUS server.
  2. Navigate to the clients.conf file (default location:
    /etc/raddb/clients.conf).
  3. Add the following snippet in the clients.conf file:
  4. client <xyz>
    {
    ipaddr = <xxx.xxx.xxx.xxx>
    secret = <abc>
    nastype = other
    }

    where,
    <xyz> refers to the ADSelfService Plus server name.
    <xxx.xxx.xxx.xxx> refers to the ADSelfService Plus server's IP address. and, <abc> refers to the secret key value created by the admin.

  5. Restart the RADIUS server.

Configure ADSelfService Plus for RADIUS:

  1. Navigate to Configuration → Self Service → Multi-Factor Authentication → Authenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.

    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  3. Click RADIUS Authentication section.
  4. Enter the Server Name, Server Port number, Server Protocol, Secret Key, Username Pattern, and the Request Time Out seconds.
  5. Important: The Username Pattern is case-sensitive.
  6. Click Save.
  7. Radius

Copyright © 2024, ZOHO Corp. All Rights Reserved.